Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be exploited by unauthenticated attackers to execute code remotely. But, they noted, unlike the PaperCut vulnerability (CVE-2023-27350) recently leveraged by Clop and LockBit ransomware affiliates, CVE-2023-39143 is not a “one-shot” RCE bug. “CVE-2023-39143 is more complex to exploit, involving multiple issues that must be chained together to compromise a server,” they pointed out. … More

The post PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143) appeared first on Help Net Security.